diff --git a/ops/machines/gerrit01/default.nix b/ops/machines/gerrit01/default.nix
index 30b8ae648..e964e6631 100644
--- a/ops/machines/gerrit01/default.nix
+++ b/ops/machines/gerrit01/default.nix
@@ -64,6 +64,7 @@ in
     {
       gerrit-oauth-secret.file = secretFile "gerrit-oauth-secret";
       gerrit-replication-key.file = secretFile "gerrit-replication-key";
+      gerrit-sendemail-smtp-pass.file = secretFile "gerrit-sendemail-smtp-pass";
       gerrit-autosubmit.file = secretFile "gerrit-autosubmit";
       gerrit-besadii-config = {
         file = secretFile "buildkite-besadii-config";
diff --git a/ops/modules/monorepo-gerrit.nix b/ops/modules/monorepo-gerrit.nix
index 5038583a4..0ef56dc47 100644
--- a/ops/modules/monorepo-gerrit.nix
+++ b/ops/modules/monorepo-gerrit.nix
@@ -145,16 +145,17 @@ in
       # $site_path/etc/secure.config and is *not* controlled by Nix.
       #
       # Receiving email is not currently supported.
-      # sendemail = {
-      #   enable = true;
-      #   html = false;
-      #   connectTimeout = "10sec";
-      #   from = "TVL Code Review <tvlbot@tazj.in>";
-      #   includeDiff = true;
-      #   smtpEncryption = "none";
-      #   smtpServer = "localhost";
-      #   smtpServerPort = 2525;
-      # };
+      sendemail = {
+        enable = true;
+        html = true; # multi-part, both html and plaintext
+        connectTimeout = "10sec";
+        from = "Snix Code Review <gerrit@snix.dev>";
+        includeDiff = true;
+        smtpEncryption = "tls";
+        smtpServer = "smtp.postmarkapp.com";
+        smtpUser = "PM-T-snix-gerrit-2reTInskye8FLoYt11_";
+        smtpServerPort = 2525;
+      };
     };
 
     # Replication of the snix repository to secondary machines, for
@@ -235,6 +236,8 @@ in
       # ... and finally, plop our secrets inside, and give the file to gerrit.
       git config -f $CONF plugin.gerrit-oauth-provider-keycloak-oauth.client-secret \
         "$(cat ${config.age.secrets.gerrit-oauth-secret.path})"
+      git config -f $CONF sendemail.smtpPass \
+        "$(cat ${config.age.secrets.gerrit-sendemail-smtp-pass.path})"
 
       chown git:git $CONF
     '';
diff --git a/ops/secrets/gerrit-sendemail-smtp-pass.age b/ops/secrets/gerrit-sendemail-smtp-pass.age
new file mode 100644
index 000000000..6d9eb8a2e
--- /dev/null
+++ b/ops/secrets/gerrit-sendemail-smtp-pass.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 +qVung aBjr4zZO5ndoL0/tbaQbxZAEUHb1Gj8xHNwHOjOvTz0
+F3k5w0BbmjQSk70k1pclS5xpzTjtFAzRbFDl6/sUN6Q
+-> X25519 k1Q7xe5aOcc13MgEu6SiVm3e9vxnzaDI8RfyiUCbpRw
+5QVIuw5c3ivkXpmTHXLbyNWzITjHyM2QiAQPy0/KsPk
+-> ssh-ed25519 C2zWnA n/XXSXy0ik3u1EiqZlZMnhx5eMhI7rxaKIwWlescZUA
++CmgFmp9YRuhdQFemcALNwHiMXSgMzmC7TLRxruu5Bg
+-> ssh-ed25519 x3gRmg QqKrosSOJNSm5NHVOuIfzGbCl9WNJM2SnnzJdW0Vdjo
+gRmD8UtobTWj6fTpBnKL3irGN0lAE3fX81cDjalLjnA
+--- 6cnSxBokWSQ9hu9nX0akHUQdpuhVKzyBHorRQdaLLEg
+¢X™&†7§_Ëp‚,¤À¦ýê9=î’ôm2'û0%¸fº\Iê²Hÿ.݈9YY/sZðœ¿@ñ—ð–€·Ž®œ¤>½l”
\ No newline at end of file
diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix
index 665674f67..e56f23c7a 100644
--- a/ops/secrets/secrets.nix
+++ b/ops/secrets/secrets.nix
@@ -37,6 +37,7 @@ in
   "keycloak-db-password.age" = public01Default;
   "gerrit-oauth-secret.age" = gerrit01Default;
   "gerrit-replication-key.age" = gerrit01Default;
+  "gerrit-sendemail-smtp-pass.age" = gerrit01Default;
   "gerrit-autosubmit.age" = gerrit01Default;
 
   "forgejo-oauth-secret.age" = public01Default;